NVIDIA Infra Controller (NICo) delivers zero-touch lifecycle automation for bare-metal systems that secures datacenter infrastructure at its foundation.
It is an API-based microservice that provides site-local, zero-trust, bare-metal lifecycle management with DPU-enforced isolation. NICo automates the complexity of the bare-metal lifecycle to fast-track building next-generation AI Cloud offerings.
- Go to the NVIDIA Infra Controller overview to get an overview of NICo architecture and capabilities.
- Or jump to the Quick Start Guide to start setting up your site for NICo.
- Check out Local Development with DevSpace to run NICo locally with mock systems.
helm-prereqs/setup.sh deploys the full NVIDIA Infra Controller stack onto a bare-metal Kubernetes cluster in three layers:
| Layer | What it installs | Helm release |
|---|---|---|
| Common services | MetalLB, cert-manager, Vault, external-secrets, PostgreSQL | via helmfile in helm-prereqs/ |
| NICo Core | NVIDIA Infra Controller (this repo's helm/ chart) | nico in nico-system |
| NICo REST | NVIDIA Infra Controller's REST API, Temporal, Keycloak, site-agent | nico-rest + nico-rest-site-agent in nico-rest |
- A running Kubernetes cluster with KUBECONFIG set
- helm, helmfile, kubectl, jq installed
- Images pushed to your container registry
```bash
# 1. Build and push images to your registry
#   NICo Core image: <your-registry>/nvmetal-nico:<tag> (this repo)
#   NICo REST images: <your-registry>/nico-rest-api:<tag>, etc. (infra-controller-rest)

# 2. Set environment variables
export KUBECONFIG=/path/to/kubeconfig
export NICO_IMAGE_REGISTRY=<your-registry> # e.g. my-registry.example.com/infra-controller
export NICO_CORE_IMAGE_TAG=<nico-core-tag> # e.g. 2.0.0-pr-58-g38a54a3f
export NICO_REST_IMAGE_TAG=<nico-rest-tag> # e.g. 2.0.0-pr-58-g38a54a3f
# export REGISTRY_PULL_SECRET=<raw API key> # optional; raw key for authenticated registries

# 3. Customize site-specific values
# Edit helm-prereqs/values/nico-core.yaml:
#   nico-api.hostname — your site's external API hostname
#   nico-api.siteConfig — network pools, VLAN ranges, IB config, MetalLB VIPs
# Edit helm-prereqs/values/metallb-config.yaml:
#   IPAddressPool, BGPPeer — your site's VIP ranges and TOR switch config
# Edit helm-prereqs/values.yaml:
#   siteName — short site identifier

# 4. Point NICO_REST_REPO at infra-controller-rest (auto-detected if a sibling directory)
export NICO_REST_REPO=/path/to/infra-controller-rest # optional

# 5. Run setup — installs common services, NICo Core, and NICo REST in order
cd helm-prereqs
./setup.sh # interactive — prompts before deploying Core and REST
./setup.sh -y # non-interactive — deploys everything (CI/CD)
```

To tear everything down:
```bash
cd helm-prereqs
./clean.sh
```

See helm-prereqs/README.md for the full reference: PKI architecture, PostgreSQL setup, phase-by-phase description, secrets reference, and troubleshooting.
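
A preflight check for the prerequisites and the step 2 variables above, as an added example that is not part of the NICo repository: it confirms the required variables are set and no longer hold `<...>` placeholders, that the listed tools are on PATH, and that the kubeconfig is not accessible to group or other. `nico_preflight` and `NICO_PREFLIGHT_TOOLS` are hypothetical names, and the single-path KUBECONFIG and the owner-only permission policy are assumptions of this example.

```shell
# Added example, not part of the NICo repository. POSIX sh.
# NICO_PREFLIGHT_TOOLS is a hypothetical override invented for this example
# so the tool list can be replaced when exercising the function.

# The body runs in a subshell "( ... )" so its variables do not leak to the caller.
nico_preflight() (
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    # Required variables from step 2, plus the optional pull secret if present.
    # Only variable names are reported; values (a raw API key) are never printed.
    for var in KUBECONFIG NICO_IMAGE_REGISTRY NICO_CORE_IMAGE_TAG \
               NICO_REST_IMAGE_TAG REGISTRY_PULL_SECRET; do
        eval "val=\${$var:-}"
        case "$val" in
            "") [ "$var" = REGISTRY_PULL_SECRET ] || fail "$var is not set" ;;
            *"<"*">"*) fail "$var still holds a <placeholder> value" ;;
        esac
    done

    # Tools listed in the prerequisites.
    for tool in ${NICO_PREFLIGHT_TOOLS:-helm helmfile kubectl jq}; do
        command -v "$tool" >/dev/null 2>&1 || fail "$tool not found on PATH"
    done

    # The kubeconfig must exist and be private to its owner (policy of this example).
    # Assumes KUBECONFIG is a single path, not a colon-separated list.
    if [ -n "${KUBECONFIG:-}" ]; then
        if [ ! -r "$KUBECONFIG" ]; then
            fail "KUBECONFIG file is missing or unreadable"
        else
            # Characters 5-10 of the ls mode string are the group and other bits.
            perms=$(ls -ldL "$KUBECONFIG" | cut -c5-10)
            [ "$perms" = "------" ] || fail "KUBECONFIG is accessible to group/other (chmod 600)"
        fi
    fi

    # Exit status of the subshell: 0 only when nothing failed.
    [ "$problems" -eq 0 ]
)
```

Source the function and gate the deploy on it, for example `nico_preflight && ./setup.sh -y`.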
This software is considered experimental and is a preview release. Use at your own risk in production environments. The software is provided "as is" without warranties of any kind. Features, APIs, and configurations may change without notice in future releases. For production deployments, thoroughly test in non-critical environments first.